Just how rampant is spyware? To find out, we did some spying of our own, with the help of several dozen PC Magazine readers. These volunteers neatly split into two groups: those who were enthusiastic users of free file-sharing software, such as Grokster, Kazaa, and Morpheus, and those who did little or no swapping.

We fitted each person's system with a spyware removal tool, along with a surveillance program we created called "Who's Spying on Me?" Once each day, our program launched the removal tool to delete any spyware on the system, analyzed the tool's log, and e-mailed the log and its analysis to us. Who's Spying on Me? also checked the uninstall data in the registry and the shortcuts in the Start menu and desktop, reporting new installations it found. The testers were given an opportunity to add comments to the e-mail. Since in theory all spyware was removed each day, any spyware found after the initial cleanup would represent a new infestation.

To automate the spyware removal and logging process, we needed a removal tool that could be controlled through the command line. We began our tests using Lavasoft's Ad-aware 5.83. Since not all of Ad-aware's settings could be configured from the command line, Who's Spying on Me? tweaked the configuration settings directly in the registry. After a week or so, it became clear that Ad-aware was not completely successful in removing spyware it detected. (Ad-aware has since updated to version 6, reviewed in this story.) We arranged to get copies of PestPatrol 4.1.0.14 for our volunteers, and we rewrote the reporting program to analyze the log files from PestPatrol's command line utility, a module separate from the utility reviewed here.

Not surprisingly, the first logs we received from our testers were the biggest, because the software tools had just cleared out months or sometimes years of accumulated items. The majority of the removals were "tracking cookies" rather than true spyware. Advertisers claim they use these cookies to gather nonindividualized information about web behavior. They can tell that someone saw one of their banner ads on a specific set of sites, but they can't tell who. Yet by sending an e-mail including a "web bug," advertisers can associate a tracking cookie with a specific individual. Most advertisers say they don't use this technique, but the removal tools wipe out the tracking cookies anyway, just in case.

Leading the pack was DoubleClick, not surprising in a group of PC Magazine readers; PCMag.com, like many large sites, uses DoubleClick to manage its advertising. (Note that you can opt out of DoubleClick's tracking by visiting www.privacychoices.org/optout.htm. After opting out, you may need to set your spyware removal tool to ignore the resulting opt-out cookie.) Day after day, the removal tools cleared out tracking cookies, and day after day the cookies reappeared as the testers revisited their favorite sites; the logs tell a clear story, and there was little difference between the two groups of testers.

When we filtered out tracking cookies from our analysis and compared reports of actual spyware, the two test groups showed significant differences. As Table 1 shows, the non-file-sharing group logged plenty of adware and spyware, even a Trojan horse (we used the category assignments in PestPatrol's pest encyclopedia). But after initial cleanup, they had virtually no repeat infestations. Early logs showed Cydoor and SaveNow returning each day for some testers, but these did not represent new infestations. In truth, Ad-aware's automated mode simply failed to remove them completely. When we switched to PestPatrol, the repeats vanished.
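The daily log analysis described above can be sketched as follows. This is an added example, not the Who's Spying on Me? program itself; the record layout, the sample data and the "persistent" heuristic (an item found in back-to-back scans is treated as a likely incomplete removal rather than a new infestation) are assumptions.

```python
# Constructed sample data: one list of (item, category) records per daily scan.
# The layout is an assumption, not the log format of Ad-aware or PestPatrol.
DAILY_LOGS = {
    1: [("DoubleClick", "tracking cookie"), ("Cydoor", "adware"),
        ("SaveNow", "adware")],
    2: [("DoubleClick", "tracking cookie"), ("Cydoor", "adware")],
    3: [("DoubleClick", "tracking cookie"), ("Cydoor", "adware")],
    4: [("DoubleClick", "tracking cookie")],
    5: [("DoubleClick", "tracking cookie"), ("SaveNow", "adware")],
}


def classify(daily_logs, ignore=("tracking cookie",)):
    """Label each non-ignored finding per day.

    baseline   - found by the first scan (accumulated before monitoring)
    persistent - also found by the previous scan, so the removal
                 probably did not complete; verify it by hand
    new        - absent from the previous scan, so it arrived since then
    """
    report = {}
    previous = set()
    for index, day in enumerate(sorted(daily_logs)):
        found = {name for name, category in daily_logs[day]
                 if category not in ignore}
        labels = {}
        for name in sorted(found):
            if index == 0:
                labels[name] = "baseline"
            elif name in previous:
                labels[name] = "persistent"
            else:
                labels[name] = "new"
        report[day] = labels
        previous = found
    return report


def cookie_counts(daily_logs):
    """Count tracking cookies per day; these are reported separately."""
    return {day: sum(1 for _, category in records
                     if category == "tracking cookie")
            for day, records in daily_logs.items()}


if __name__ == "__main__":
    for day, labels in classify(DAILY_LOGS).items():
        print(day, labels)
```
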

Knowing that they were being monitored, or the psychological effect of seeing spyware reported every day, may perhaps have induced a greater degree of caution than usual among our testers. They may have decided against installing ad-supported software. Perhaps they actually read the end user license agreements (EULAs) for newly installed software and declined to accept any disclosed adware or spyware. Whatever the reason, this group was remarkably clean during the remainder of the test period.

The file-sharing group produced a very different set of results. Their systems revealed many of the same spyware elements as the first group, along with quite a few more (see Table 2). This was to be expected: the installation programs for the free file-sharing applications Grokster, Kazaa, and Morpheus all state that the programs are supported by advertising and require you to agree to their terms. If you do agree without reading the terms from start to finish, you may get more than you bargained for. We found in one case that by clicking on the I Agree button you are agreeing to not one but ten EULAs, all concatenated into a single, interminable text box. If you don't agree, the installation is cancelled.

Be aware that not all the spyware these applications install is disclosed. See our table "Spyware Delivery Methods" for some examples of what popular file-sharing applications installed at the time of our testing.

For the file-sharing group, the automatic removal process was never 100 percent effective. In some cases, removing the spyware disabled an ad-supported file-sharing utility. Without BrilliantDigital, for example, Kazaa won't run. To regain the ability to share files, users had to reinstall the utility (and reload the spyware). In other cases, such as with Grokster, either the file-sharing utility prevented spyware removal or it reinstalled the spyware automatically at the next log-on.

Given this information, we decided to go undercover in the world of file sharing. We configured a system for an imaginary file-sharing enthusiast and put our spyware-tracking software in place. Over the course of a week, we installed Grokster, Kazaa, and Morpheus and watched the daily reports roll in.

PestPatrol actually identified the three file-sharing utilities themselves as spyware, in addition to their supporting adware/spyware programs. Unfortunately, the automated removal process wasn't able to clean the system completely. We continued to encounter spyware-generated pop-up ads even when not surfing the web.

Next, we brought up the Control Panel's Add/Remove Programs applet and tried launching the uninstall routines for the file-sharing programs and any associated applications. Our attempts were largely unsuccessful. Some spyware components refused to uninstall; some nonspyware programs begged for mercy, sending pop-up windows arguing that they were legitimate applications. We couldn't even uninstall the file-sharing utilities themselves, because our spyware removal tool's partial success had damaged their uninstall routines. In the end, we had to reinstall the file-sharing tools and their ancillary applications and run Add/Remove Programs to remove any that provided uninstall routines. After doing so, we successfully cleared all spyware from the system.

This may be more trouble than the average user is willing (or would even know) to take. If you want to share music and other files using a free utility, you may just have to accept a certain amount of spyware. Consider clearing out your system as we did and then reinstalling your file-sharing software. This time, carefully read every EULA, and don't agree to anything or provide any personal information that's not required. If some of these dubious applications require personal data, you may want to consider giving out false information; there's no good reason for file-sharing apps or any of the things they bring along to know anything about you. That way, you'll minimize the impact of the added software.

Our tests clearly showed that even if you don't use file sharing, chances are good that your system is infested with various spyware components. You'll want to clear them out using one of the removal tools we've reviewed. Whether you clean out spyware daily, weekly, or monthly, regular removal will protect both your privacy and your productivity.
